diff -r 66442f81f823 -r c7f5b062e622 src/server/daemon/keyfile_auth.c
--- a/src/server/daemon/keyfile_auth.c	Sat May 11 13:28:26 2013 +0200
+++ b/src/server/daemon/keyfile_auth.c	Wed May 22 13:27:31 2013 +0200
@@ -141,7 +141,7 @@
      * the SSHA hash is already base64 decoded
      */
     
-    char *salt = user->hash + user->hashlen - 8; // last 8 bytes are salt 
+    char *salt = user->hash + user->hashlen - 8; // last 8 bytes are the salt 
     size_t pwlen = strlen(password);
     
     size_t saltpwlen = pwlen + 8;
@@ -153,11 +153,8 @@
     SHA1((const unsigned char*)saltpw, saltpwlen, pwhash);
     
     if(!memcmp(user->hash, pwhash, 20)) {
-        free(pwhash);
         return 1;
+    } else {
+        return 0;
     }
-    
-    free(pwhash);
-    
-    return 0;
 }